[Samba] Samba User authentication from external LDAP server
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Aug 7 10:13:37 MDT 2012
You need to configure smb.conf with either
"unix password sync" (along with "passwd chat" and "passwd program")
or with
"pam password change "
I use the unix password sync option- it passes the new password value
to a shell script which then calls an ldap server command to change the
password. The script includes the user ID and pw of an account in the
LDAP server with appropriate permissions to set the password.
I don't know if "pam password change" would work in LDAP. The root
account (under which samba runs) has the ability to change local or NIS
passwords with the "passwd" command without knowing the old password.
But the unix root account is not by default an LDAP admin.
If you truly want to use only the LDAP password for Samba authentication
then you need to configure plain-text password storage for everything.
Which is probably a bad idea.
On 08/07/12 11:35, RAKESH PRITMANI wrote:
> I need to authenticate samba users from external LDAP server, tried a
> few options but when I change LDAP password, the samba password does
> not change. Is it possible to do away with Samba password and only use
> LDAP password
>
> Rakesh
More information about the samba
mailing list